Техническая информация
- <SYSTEM32>\tasks\dlscord
- %APPDATA%\cheats.exe
- %APPDATA%\dlscord\dlscord.exe
- 'cd#.##scordapp.com':443
- '21#.#92.246.234':80
- http://21#.#92.246.234/Spread/Cheats.exe
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- '%APPDATA%\cheats.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand "PAAjAGgAbQB2ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAbAB0AGcAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUA...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncodedCommand "PAAjAGgAbQB2ACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAbAB0AGcAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUA...
- '<SYSTEM32>\schtasks.exe' /create /tn "dlscord" /sc ONLOGON /tr "%APPDATA%\Cheats.exe" /rl HIGHEST /f